bundlewrap/bundles/unbound/metadata.py

70 lines
1.5 KiB
Python
Raw Normal View History

2021-03-21 09:30:04 +00:00
from bundlewrap.metadata import atomic
defaults = {
'apt': {
'packages': {
'unbound': {},
'unbound-anchor': {},
},
},
'cron': {
'unbound_refresh_root-hints': '{} {} * * {} root wget -q -O/etc/unbound/root-hints.txt https://www.internic.net/domain/named.root'.format(
node.magic_number%60,
node.magic_number%24,
node.magic_number%7,
),
},
'nameservers': {
'127.0.0.1',
},
'unbound': {
'max_ttl': 3600,
2020-12-22 08:22:37 +00:00
'cache_size': '512M',
},
}
2021-04-23 17:31:28 +00:00
if node.has_bundle('telegraf'):
defaults['telegraf'] = {
'input_plugins': {
'builtin': {
'unbound': [{
'thread_as_tag': True,
'use_sudo': True
2021-04-23 17:31:28 +00:00
}],
},
},
'sudo_commands': {
'/usr/sbin/unbound-control',
},
2021-04-23 17:31:28 +00:00
}
@metadata_reactor.provides(
'unbound/threads',
'unbound/cache_slabs',
)
2020-12-22 08:22:37 +00:00
def cpu_cores_to_config_values(metadata):
num_cpus = metadata.get('vm/cpu', 1)
return {
'unbound': {
2020-12-22 08:22:37 +00:00
'threads': num_cpus*2,
'cache_slabs': 2**(num_cpus-1).bit_length(),
},
}
@metadata_reactor.provides(
'firewall/port_rules',
)
def firewall(metadata):
return {
'firewall': {
2021-03-21 09:30:04 +00:00
'port_rules': {
'53': atomic(metadata.get('unbound/restrict-to', set())),
'53/udp': atomic(metadata.get('unbound/restrict-to', set())),
},
},
}